The global computer network system, known as the internet, is used to send and deliver electronic mail (email) messages between users. Internet email servers facilitate the transfer of email messages received from other email servers and users.
Under an agreed-upon email standard such as SMTP (Simple Mail Transfer Protocol), an email server that complies with the standard either accepts or rejects each message it receives from another email server.
The email server's decision to accept or reject an email message is typically driven by checking the recipient's address against a list of email addresses for which the server is configured to accept mail. If the recipient's address is not found in that list, the server rejects the email and returns an associated error code to the connected client that sent it.
Email servers that use a list of known users (also known as “directory services”) to determine whether or not to accept an inbound email are exposed to a dictionary attack, also called a directory harvest attack.
A dictionary attack is an attempt by unauthorized individuals or systems to derive a list of known valid email addresses for a particular internet domain by analyzing the error codes and messages returned for a large number of rejected emails. The purpose of generating this unauthorized list is to sell it to entities that would use it to send unsolicited email (spam).
A dictionary attack is carried out automatically by attempting to send one or more email messages to a large number of distinct email addressees within a given domain name. The candidate addressee names are sometimes generated in sequence (for example, aa@example.com, ab@example.com) or in other patterns, including random or pseudo-random ones, in an effort to avoid detection.
A dynamic system for detecting and mitigating directory harvest attacks would reduce spam levels and prevent unauthorized entities from deriving known good email addresses for a particular domain.
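One way to detect the pattern described above, as an added example that is not part of the original text: the code flags a client whose recipient attempts within a time window are mostly rejections of distinct addresses. The log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not from a real mail server):
#   <ISO timestamp> client=<ip> rcpt=<address> code=<SMTP reply code>
LINE = re.compile(r"(\S+) client=(\S+) rcpt=(\S+) code=(\d{3})")

def detect_harvest(lines, window=timedelta(seconds=60), min_rejects=5, min_ratio=0.8):
    """Return {client_ip: time_first_flagged} for clients whose recent recipient
    attempts are mostly rejections of distinct unknown addresses."""
    recent = defaultdict(deque)  # client -> deque of (time, recipient, rejected?)
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not recipient decisions
        ts, client, rcpt, code = m.groups()
        now = datetime.fromisoformat(ts)
        q = recent[client]
        q.append((now, rcpt.lower(), code.startswith("5")))
        while q and now - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        rejected = {r for _, r, bad in q if bad}       # distinct rejected recipients
        ratio = sum(bad for _, _, bad in q) / len(q)   # share of attempts rejected
        if client not in flagged and len(rejected) >= min_rejects and ratio >= min_ratio:
            flagged[client] = now
    return flagged

def sample_log():
    """Constructed sample: one sequential probe and one ordinary sender."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i, name in enumerate(["aa", "ab", "ac", "ad", "ae", "af"]):
        code = "250" if name == "ad" else "550"  # one guessed address happens to exist
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} client=203.0.113.7 rcpt={name}@example.com code={code}")
    # Ordinary sender: valid recipients plus a single mistyped address.
    for i, (name, code) in enumerate([("alice", "250"), ("bob", "250"), ("bobb", "550")]):
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} client=198.51.100.20 rcpt={name}@example.com code={code}")
    return lines

if __name__ == "__main__":
    for ip, when in detect_harvest(sample_log()).items():
        print(f"possible directory harvest from {ip} at {when.isoformat()}")
```

A flagged client can then be handed to whatever mitigation the server operator uses; the thresholds need tuning against the server's normal rate of mistyped recipients.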